Solved Malware blocking internet and antivirus software on Win 7

Status
Not open for further replies.

MASH

Hey guys,
I'm quite happy to have found this forum, and while I regret having this be my first post, both for the circumstances and adding to what is probably one of your main sources of single post accounts, I'm certainly breathing easier now that some form of help is on the way.
I've taken a look through the lovely tutorials and first step examples you have at the top of this section, but it looks like starting a new topic is the only way I can deal with this.

It's certainly not my first time with a virus, but after the results of my last run in (Malware that ended up forcing me to wipe my computer) I'm hesitant to do anything. After losing so much from my last computer the "what if-s" and "if only-ies" really started to build up and the problem seems to stem primarily from calling India. I don't have anything personally against the people who work at tech support, but it really just doesn’t seem to end well in my experience.

Sorry about that, now to cut to the chase!
The Saturday of this past weekend I contracted typical fake antivirus malware after trying to download a video off of what in retrospect was probably an illegitimate site (If if's and buts....)
I immediately received the usual several alerts as well as one or two pop-ups. Like my last run in, it’s blocking me from launching my antivirus software (Windows Defender) and generating a fake message every time I attempt to use the internet, which is painfully obvious because the window it redirects to is a poorly replicated Internet Explorer error screen and I’m currently using Safari.

So that’s about where I am at the moment, my computer is turned off and staring at me menacingly from across the room and I’m stuck on a borrowed laptop for now. If all goes terribly I at least have a backup on an external hard drive, a lesson I learned quite painfully from the last time.

Specs as best I can give them (not that computer savvy just mistaken for being as a young person I’m afraid.)
I’m running Windows 7 on a Sager NP8760
Not sure if there’s anything else specific I should tell you guys, but I suppose you’ll let me know in time.

Thanks in advance!
-MASH
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Let's see if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
Begging your pardon, but with the virus on my main computer blocking the internet do you suggest I download the file onto the borrowed one I'm using now (it's a Mac, not sure if that affects anything) and, using a flash drive, transfer it to my Windows?
 
No, you can't use a Mac. You'll need to find a friend with a Windows computer to create that CD.
 
Is it a matter of finding another PC running Windows 7 because I will be unable to complete the process on my infected computer even if I transferred it with external storage?
I'm hoping I misunderstood you because if it needs to be the same, finding a Windows will be difficult, but to my knowledge I don't have any friends who run Windows 7.
 
You can create that CD on any Windows computer, not necessarily with Windows 7.
 
But not on my infected computer because the virus compromises the process?
Sorry for going on like this I just need to be clear on your instructions.
 
Yes, you should create that CD on some other computer. Windows version won't matter.
 
I'll do my best to get the access of one. Thanks for the advice, I'll post up my results as soon as I can.
 
May get a chance this weekend and if not, perhaps sometime during the week. This step is going to be a doozy, but trust that this topic is going to get pretty active again.
 
Thank god for neighbors. Finally got hold of a borrowed Windows, but it looks like I only have CD-R and CD-RW at the moment. Going to make a run to the store when I can for a CD-ROM which I suppose is the only one that will work correctly.
 
That is strange because thus far every time OTLPE attempts to burn to the drive it stays at 0%. I'll chalk it up to the age of the laptop, but luckily a friend just gave me their netbook so I'll try it all again this evening.
Thanks for clearing that up.
 
F@&K this is getting ridiculous. I've just gone through two discs trying to burn with OTLPE. Both times I get this error
"ImgBurn
I/O Error!
Device : [1:0:0] MATSHITA UJ-822Da 1.50 (E:) (ATA)

ScsiStatus 0x02
Interpretation; Check Condition
CDB: 2A 00 00 00 30 00 00 00 20 00
Interpreation: Write (10) - Sectorss : 12288 - 12319

Sense area F1 00 03 00 00 2D 85 OA 00 13 00 00 10 00 00 00 00 00
Interpretation: OD CRC or ECC Error"
 
CRC error usually means some disk error.
Possibly, also burning device problem.
Are you using a good, working computer?
Bad download possible too.
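
The ImgBurn error quoted above can be decoded by hand, which shows what the drive actually reported. This is an added example, not part of the original posts: the byte strings are copied from the post with the typed "OA" read as hex 0A (an assumption), and the function names are illustrative.

```python
import struct

# Sense keys and ASC/ASCQ pairs from the SCSI primary command set (small subset).
SENSE_KEYS = {0x0: "NO SENSE", 0x1: "RECOVERED ERROR", 0x2: "NOT READY",
              0x3: "MEDIUM ERROR", 0x4: "HARDWARE ERROR", 0x5: "ILLEGAL REQUEST"}
ASC_ASCQ = {(0x0C, 0x00): "WRITE ERROR", (0x10, 0x00): "ID CRC OR ECC ERROR",
            (0x11, 0x00): "UNRECOVERED READ ERROR"}

# Bytes as posted in the thread; the typed "OA" is read as hex 0A (assumption).
CDB_HEX = "2A 00 00 00 30 00 00 00 20 00"
SENSE_HEX = "F1 00 03 00 00 2D 85 0A 00 13 00 00 10 00 00 00 00 00"


def decode_write10(cdb: bytes) -> dict:
    """Decode a WRITE(10) CDB: opcode, 32-bit LBA, 16-bit transfer length."""
    if len(cdb) != 10 or cdb[0] != 0x2A:
        raise ValueError("not a 10-byte WRITE(10) CDB")
    (lba,) = struct.unpack(">I", cdb[2:6])
    (count,) = struct.unpack(">H", cdb[7:9])
    return {"first": lba, "count": count, "last": lba + count - 1 if count else None}


def decode_fixed_sense(sense: bytes) -> dict:
    """Decode fixed-format sense data (response code 0x70 or 0x71)."""
    code = sense[0] & 0x7F if sense else None
    if code not in (0x70, 0x71) or len(sense) < 14:
        raise ValueError("not fixed-format sense data, or truncated")
    key = sense[2] & 0x0F
    pair = (sense[12], sense[13])
    return {
        "deferred": code == 0x71,  # error reported for an earlier command
        # The information field is only meaningful when the valid bit is set.
        "info": struct.unpack(">I", sense[3:7])[0] if sense[0] & 0x80 else None,
        "sense_key": SENSE_KEYS.get(key, f"key 0x{key:X}"),
        "error": ASC_ASCQ.get(pair, f"ASC/ASCQ {pair[0]:02X}/{pair[1]:02X}"),
        # MEDIUM ERROR and HARDWARE ERROR are reported by the drive about
        # the disc or about itself.
        "drive_or_media_fault": key in (0x3, 0x4),
    }


if __name__ == "__main__":
    print(decode_write10(bytes.fromhex(CDB_HEX)))
    print(decode_fixed_sense(bytes.fromhex(SENSE_HEX)))
```

The decoded sector range matches the one ImgBurn printed, and the sense key identifies the failure as one the drive reported against the disc.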
 
I've had some success now burning the CD, but just hit another wall it would seem.
I tried the first tutorial from your link (pressing the Del key) and it seemed as if it was working.
I got a black screen with some white loading bar that said loading REATOGO-X-PE or something to that effect. After the loading bar reached the end it paused for a long while and eventually showed the Windows XP boot screen. Not sure if this is normal because I would like to reiterate I'm using Win 7 if this did not intentionally happen. Immediately after I get a blue screen that says "A problem has been detected and windows has been shut down to prevent damage to your computer." Then it goes on to what you would expect "if it's your first time check for virus etc".

....Any ideas?

EDIT
Also any ideas on how I can get out of this screen? Esc does not work and it being a laptop I can't unplug it.
 
and eventually showed the windows XP boot screen. Not sure if this is normal because I would like to reiterate I'm using win 7
That's perfectly normal :)

Well, if the error happens when booting from the CD, then you must have some hardware problem (possibly, on top of some infection).

What is the exact error message?
I need all those numbers and the error name.
 
Ha thought you might so I snapped a picture before disconnecting my battery.

*** STOP: 0x0000007B (0xF78DA528,C0000034, 0x00000000, 0x00000000 )
 
Normally, this is "INACCESSIBLE_BOOT_DEVICE" error.
Since you're booting from a CD, then your hard drive is out of the picture.

...which brings me back to:

CRC error usually means some disk error.
Possibly, also burning device problem.
Are you using a good, working computer?
Bad download possible too.
 
Are you sure? This time around I ran some scans on the other computer, re-downloaded OTLPE and the program says it completed without error.
Could it be something else? I mean regarding the booting from disk, I never actually saw much of a menu, I only tapped Del and got to a loading screen. Maybe I triggered something else? The tutorial seemed to have a number of other steps and menus to get past first.
 